8 matches found
CVE-2023-20887
CVE-2023-20887 affects VMware Aria Operations for Networks (formerly vRealize Network Insight). The vulnerability is a command-injection via the Apache Thrift RPC interface that allows an unauthenticated attacker with network access to execute arbitrary commands on the appliance as root, with CVS...
CVE-2023-34039
CVE-2023-34039 affects VMware Aria Operations for Networks (formerly vRealize Network Insight). Affected versions 6.0–6.10 did not regenerate SSH keys for the internal support/ubuntu users, enabling an attacker with network access to bypass SSH authentication and gain CLI access. Root cause: lack...
CVE-2023-20890
VMware Aria Operations for Networks is affected by CVE-2023-20890, an arbitrary file write vulnerability that authenticated administrators can abuse to write files to arbitrary locations and achieve remote code execution. Nessus plugin confirms multiple affected 6.x versions; VMware has released ...
CVE-2024-22237
CVE-2024-22237 affects VMware Aria Operations for Networks. The vulnerability is a local privilege escalation where a console user with access can escalate to root privileges. Affected product/version evidence: Aria Operations for Networks, 6.x, with exploitation noted for local privilege escalat...
CVE-2024-22239
CVE-2024-22239 affects VMware Aria Operations for Networks (formerly vRealize Network Insight). The vulnerability is a local privilege escalation where a console user with access can escalate privileges to obtain a regular shell. VMware’s VMSA-2024-0002 details this alongside four related CVEs (2...
CVE-2024-22240
CVE-2024-22240 affects VMware Aria Operations for Networks. The issue is a local file read vulnerability exploitable by a user with admin/management privileges, potentially allowing unauthorized access to sensitive data. Public details describe the vulnerability without providing exploit steps be...
CVE-2024-22238
CVE-2024-22238 affects VMware Aria Operations for Networks. The vulnerability is a cross-site scripting (XSS) flaw caused by improper input sanitization that could allow a malicious actor with admin privileges to inject code into user profile configurations. Impacted product: Aria Operations for ...
CVE-2024-22241
VMware Aria Operations for Networks (formerly vRealize Network Insight) is affected by CVE-2024-22241, a cross-site scripting vulnerability in the login banner that an admin user can abuse to inject code and allegedly take over a user account. Affected product/version: Aria Operations for Network...